CVE-2022-3226

Summary

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.

Affected Software

VendorProductVersion RangeStatus
SophosSophos Firewallunspecified < 19.5 GAaffected
SophosSophos Firewallunspecified < 19.0 MR2affected
SophosSophos Firewallunspecified < 18.5 MR5affected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References